A comprehensive collection of simulated Advanced Persistent Threat (APT) attacks based on real-world tactics, techniques, and procedures (TTPs) used by state-sponsored APT groups from Russia, China, Iran, and North Korea.
Caution: Important Notice: This project is strictly for educational, research, and defensive security purposes only. Unauthorized use of these techniques may violate laws and result in serious legal consequences.
This repository contains detailed adversary simulation APT campaigns targeting various critical sectors. Each simulation includes custom tools, command and control (C2) servers, backdoors, exploitation techniques, stagers, bootloaders, and other malicious artifacts that mirror those used in real-world attacks. The simulations are based on extensive research from leading cybersecurity firms, including Palo Alto Unit 42, Kaspersky, Microsoft, Cisco, Trellix, CrowdStrike, and WithSecure.
Learn more about the importance and methodology:
- Why Adversary Simulation? - Understanding the strategic value of simulating advanced threats
- Adversary Simulation VS Adversary Emulation - Key differences and when to use each approach
The naming convention for APT groups follows CrowdStrike's taxonomy. Below is the complete list of simulated APT Groups:
Country of Origin | Russia 🇷🇺 | China 🇨🇳 | North Korea 🇰🇵 | Iran 🇮🇷
---|---|---|---|---
APT Groups | Cozy Bear ✅ | Mustang Panda ✅ | Labyrinth Chollima ✅ | Helix Kitten
 | Voodoo Bear ✅ | Glacial Panda | Velvet Chollima ✅ | Pioneer Kitten
 | Fancy Bear ✅ | Wicked Panda ✅ | Famous Chollima ✅ | Clever Kitten
 | Energetic Bear ✅ | Goblin Panda | Stardust Chollima ✅ | Static Kitten
 | Berserk Bear ✅ | Anchor Panda | Ricochet Chollima ✅ | Tracer Kitten
 | Gossamer Bear ✅ | Deep Panda | Silent Chollima | Nemesis Kitten
 | Primitive Bear ✅ | Samurai Panda | | Spectral Kitten
 | Ember Bear ✅ | Phantom Panda | | Charming Kitten
 | Venomous Bear ✅ | Sunrise Panda | | Pulsar Kitten
 | | Ethereal Panda | | Remix Kitten
All adversary simulations are powered by Bear-C2, a custom command and control framework designed for realistic threat emulation.
Bear-C2 GitHub Repository: https://github.com/S3N4T0R-0X0/BEAR
If you have any questions, issues, or suggestions, feel free to join our Telegram channel.
🚨 Always Remember: "Be The Threat To Defeat It"